Vista still vulnerable

Experts say Windows Vista may still be susceptible to hackers,
reports Patrick Gray.

VULNERABILITIES in Windows Vista will plague users in coming
months and years, a prominent security researcher warns, despite
its security improvements over predecessor XP.

Security bug-hunters are now turning their attention to the new
platform and users should not expect Vista to be immune to attack,
said Marc Maiffret, founder and chief hacking officer of eEye
Digital Security.

"I don't think it's a huge leap forward," he says. "Here we are
a few weeks after Vista's been released to retail and there's
already been five or six different Vista-specific
vulnerabilities."

Last week eEye discovered a vulnerability in Microsoft's Office
2007 software which it claims can be exploited in Vista.

But Mr Maiffret does not blame the software giant for the
mismatch between the market's expectations about Vista's security
and the less palatable reality. "There's no other software company
that does more to secure their code than Microsoft," Mr Maiffret
says. "It's weird to me that a lot of people think there should be
this thing that we reach at some point where the operating system
is impenetrable... I don't think that is ever going to happen."

Matt Thomlinson, Microsoft's senior director of security
engineering, says Vista is a vast improvement on XP. He highlights
the system's handling of system memory as a big step forward.

Protective measures that detect an attacker's abuse of a computer's
memory have been written into the operating system, and Vista's
processes are now loaded at random locations in memory for security
purposes.

Because system files are placed at random locations in memory
while booting, the operating system is harder to attack, he says.

Some digital attacks require the perpetrator to know precisely
where certain processes are located in memory. By randomising the
layout of the operating system in a computer's memory, Mr
Thomlinson hopes Vista will sidestep an entire class of
attacks.

"The idea here is . . . we want our customers to get the
advantage of natural variation. Every Windows box looks just a
little bit different to an attacker," he says. "So if somebody is
writing (attack code) and they're depending on something being in a
certain place, it's not going to work, or it will only work one
half of 1 per cent of the time."

Chris Spencer, Australian vulnerability researcher and organiser
of the Sydney-based Ruxcon security conference, is more upbeat than
Mr Maiffret when assessing the improvements to Windows. "The heap
management system's been improved, so it's going to be a lot harder
to exploit vulnerabilities," he says. "Not impossible, but a lot
harder."

Like Mr Maiffret, Mr Spencer predicts bugs will still be found
in the operating system, but hackers and researchers like himself
will have to work much harder to transform security glitches into
meaningful attacks. "It's going to be a massive improvement," he
says.